TransportationCybersecurity

SecTor 2025 | CAN Bus for Car Nerds and Security People Who Should Know Better

Black Hat
Black HatApr 25, 2026

Why It Matters

Understanding CAN bus fundamentals equips engineers and security analysts to innovate in EV conversions and protect vehicles from increasingly exploitable network‑level attacks.

Key Takeaways

  • CAN bus fundamentals enable vehicle diagnostics and custom integrations
  • Reverse‑engineering undocumented ECUs is essential for EV conversions
  • Simple tools like PCAN adapters provide affordable CAN sniffing
  • Security risks arise from unsecured CAN messages controlling critical functions
  • Understanding bit‑level payloads helps decode sensor and actuator data

Summary

The presentation at SecTor 2025 focused on the Controller Area Network (CAN) bus, demystifying its operation for both automotive enthusiasts and security professionals. The speaker, a former IT security specialist turned EV builder, explained why modern vehicles—especially those built after 2000—rely heavily on CAN for everything from engine control to climate systems, and how a single 120‑ohm‑terminated two‑wire network carries all critical data.

Key technical insights covered the broadcast‑based protocol, message identifiers, and the eight‑byte payload structure. Attendees learned to interpret binary signals, map bits to sensor states, and use inexpensive hardware such as PCAN USB adapters and DB9 connectors to tap into high‑speed and low‑speed buses. The speaker highlighted the necessity of reverse‑engineering undocumented ECUs during EV conversions, citing his own all‑electric race car, a retrofitted F‑250, and a GR86 with nine separate CAN domains.

Concrete examples illustrated the process: a real CAN frame from an electric AC compressor showed how a 16‑bit speed value and multiple single‑bit flags coexist in one message. The speaker also demonstrated how to splice into a vehicle’s passenger‑footwell pillar to access multiple buses simultaneously, turning a standard OBD‑II port into a multi‑bus gateway.

The talk underscored that while CAN offers powerful integration capabilities, its lack of authentication makes it a vector for attacks—headlight hacks, steering manipulation, and brake control can all stem from a single compromised node. For IT professionals, mastering CAN basics opens doors to automotive development, security research, and innovative EV retrofits, while reminding manufacturers of the urgent need for hardened in‑vehicle networks.

Original Description

In the world of custom car builds, knowing how to turn a wrench is only half the battle — the other half is figuring out why your 700hp engine swap won't talk to the dash, the AC won't work, and the wipers have developed a mind of their own. The answer, nine times out of ten? The CAN (Controller Area Network) bus.
So why are we talking about this at SecTor? Because reverse-engineering CAN is shockingly familiar territory: wire-level protocols, undocumented messages, weird vendor quirks, and the occasional "why did they do it that way?" moment. Sound familiar?
This session is a crash course in CAN for people who know what a packet sniffer is, even if they've never built a drift car. We'll cover:
• What CAN bus is and how it works (without turning it into an EE lecture)
• How to reverse-engineer vehicle signals with tools like SavvyCAN, cansniffer, and your favorite logic analyzer
• Real-world hacks like tricking factory gauges into working with aftermarket ECUs
• Making analog sensors speak fluent CAN
• Getting digital clusters, body control modules, and even climate systems to play nice
And when all else fails? We'll talk about workarounds, black-boxing, and why sometimes, the answer really is "just cut the wire."
Whether you're doing an EV swap, dropping a Hellcat into a 1970s pickup, or just want to understand how thieves steal F-150s by hotwiring the headlight — this session is for you.
Brian Bourne | Co-Founder, SecTor
Presentation Materials Available at:

Comments

Want to join the conversation?

Loading comments...